Site-to-Site VPN and Client VPN together

I have 2 new Pix 501's. Can anyone tell me if you can have a site-to-site VPN running and access one of the PIX's via VPN Cisco Client Software at the same time?

I am able to get the site-to-site tunnel working with the Cisco documentation about creating a simple IPSec tunnel between 2 sites. I am also able to get the Client-to-Pix VPN working by using the Cisco doc's pertaining to creating a Client VPN with AES.

However, I can't seem to make them both work at the same time. Can someone help me with this issue? I need the 2 Pix's connected via VPN, but I also need to access each network from home. Thus, the need for Client-to-Pix and Site-to-Site.

Re: Site-to-Site VPN and Client VPN together

Thanks for the help! I was able to get the site-to-site Tunnel and the VPN CLient Working at the same time.

However, when I get connected with the Cisco Client, I am unable to ping anything on the LAN. Thus, I am unable to connect to any machnes and/or files. It connects just fine to my branch, but I can't access anything.

Re: Site-to-Site VPN and Client VPN together

Going back to your question - 'you can connect via the vpn client but can not access any resources on the internal LAN, i.e. can not ping'

What you'll need to do is (in config mode) add the following command to the PIX that you are connecting to via the vpn client:

isakmp nat-traversal

Now you should be able to ping any internal LAN clients via your vpn client. Also, if you intend to manage the PIX via your vpn client, i.e. run PDM etc, what you can do is add the following command to your PIX, again in config mode:

management access-inside

http server enable

http 172.16.1.0 255.255.255.0 inside

save with: write mem

Now you should be able to ping the internal interface ip of you pix via the vpn client and also run PDM.

Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...
view more